It always cracks me up when I read what companies will and won’t do because of their legal team.   We all know that IP and privacy law is immensely important, but I think we lose sight of the big picture when we presume that innovation can be stunted by legalese.

Case in point, Mike Vizard from IT Business Edge writes that the “Patriot Act May Hamper Cloud Adoption“:

But when it comes to actual corporate data, Massaro is betting that no matter what the economics are, corporate legal departments are going to direct their corporate officers to steer clear of any service that eliminates their ability to keep potential damaging information out of the hands of Federal prosecutors without so much as the nicety of being told what the government might actually be looking for.

The author also assumes that these sorts of National Security Letters are equivalent to someone sneaking in your backdoor, taking a sip of your milk from your kitchen, and not even leaving a thank you note.  However, the NSL’s have been explicity prevented from maintain a gag order, so all a service provider needs to do is notify you of the letter in question and you have the same effective protection as you would if your data was under your mattress.

This would be concerning if it made a difference if your data was on the cloud or not.  What company is going to be able to keep their data from the Federal government under subpoana or other legal device?  I’m not a lawyer, but if I played one on TV I’d take a look at this gem from AIG:

“More love notes from Elias,” Cassano wrote to his subordinates as he forwarded another set of Habayeb questions. “Please go through the same drill of drafting answers . . .”

The Cassano-Habayeb correspondence, along with thousands of other e-mails obtained by The Washington Post, as well as supporting interviews, reveal a company wracked by more division, doubt and turmoil than anyone on the outside realized during those tense months in 2007, a full year before the federal government undertook one of the largest corporate bailouts in U.S. history to prevent AIG’s collapse.

Whoa. I’m reading AIG’s emails. But, I’m pretty sure they weren’t “on the cloud.” How on earth did the Washington Post get these emails if they weren’t on the cloud??

Major cloud utility providers need to continue to publish transparent policies that address specific concerns like this.   However, the reality is that there are a dozen ways for the government, reporters, employees, hackers, and other malicious or benign agents to peruse and expose your data.   The cloud doesn’t guarantee security, but the alternatives also do not.  And as much as I love a good lawyer, they sadly can’t prevent de facto data leakage either.   Only diligence, a sound security policy, and the right mix of vendors, services, and products, can give you the peace of mind that you are doing everything you can to protect your company information.